VE 01: Difference between revisions

Revision as of 15:57, 27 July 2005

SECTION 1: CRYPTOGRAPHIC MODULE SPECIFICATION

AS.01.01The cryptographic module shall be a set of hardware, software,

firmware, or some combination thereof that implements cryptographic

functions or processes, including cryptographic algorithms and,

optionally, key generation, and is contained within a defined

cryptographic boundary.

Assessment:

AS.01.02The cryptographic module shall implement at least one Approved

security function used in an Approved mode of operation.

Note: This assertion is tested as part of AS01.12.

Assessment:

AS.01.03The operator shall be able to determine when an Approved mode of

operation is selected.

Assessment:

VE.01.03.01The vendor provided nonproprietary security policy shall provide a

description of the Approved mode of operation.

Assessment:

VE.01.03.02The vendor provided non-proprietary security policy shall provide

instructions for invoking the Approved mode of operation.

Assessment:

AS.01.05The cryptographic boundary shall consist of an explicitly defined

perimeter that establishes the physical bounds of the cryptographic

module.

Assessment:

AS.01.06If the cryptographic module consists of software or firmware

components, the cryptographic boundary shall contain the processor(s)

and other hardware components that store and protect the software and

firmware components.

Assessment:

VE.01.06.01For each processor in the module, the vendor shall identify, by major

services, the software or firmware that are executed by the processor,

and the memory devices that contain the executable code and data.

Assessment:

VE.01.06.02For each processor, the vendor shall identify any hardware with which

the processor interfaces.

Assessment:

AS.01.07The following documentation requirements shall apply to all

security-specific hardware, software, and firmware contained within the

cryptographic module.

Note: This assertion is not separately tested.

Assessment:

AS.01.08Documentation shall specify the hardware, software, and firmware

components of the cryptographic module, specify the cryptographic

boundary surrounding these components, and describe the physical

configuration of the module.

Assessment:

VE.01.08.01All hardware, software, and firmware components of the cryptographic

module shall be identified in the vendor documentation. Components

to be listed shall include, as applicable, all of the following:

1. Integrated circuits, including processors, memory, and (semi-)

custom integrated circuits

2. Other active electronic circuit elements

3. Power inputs and outputs, and internal power supplies or

converters

4. Physical structures, including circuit boards or other mounting

surfaces, enclosures, and connectors

5. Software and firmware modules

6. Other component types not listed above

Assessment:

VE.01.08.02The above list of components shall be consistent with the information

provided for all other assertions of this section.

Assessment:

VE.01.08.03The vendor documentation shall specify the module's cryptographic

boundary. The cryptographic boundary shall be an explicitly defined,

contiguous perimeter that establishes the physical bounds of the

cryptographic module. The boundary definition shall specify module

components and connections (ports), and also module information

flows, processing, and input/output data.

Assessment:

VE.01.08.04The cryptographic boundary shall include any hardware or software

that inputs, processes, or outputs important security parameters that

could lead to the compromise of sensitive information if not properly

Assessment:

VE.01.08.05The vendor documentation shall specify the physical embodiments of

the module ( single-chip cryptographic module, multiple-chip embedded

cryptographic module, or multiple-chip standalone cryptographic

module, as defined in Section 4.5 of FIPS PUB 140-2.

Assessment:

VE.01.08.06The vendor's documentation shall indicate the internal layout and

assembly methods (e.g., fasteners and fittings) of the module, including

drawings that are at least approximately to scale. The interior of

integrated circuits need not be shown.

Assessment:

VE.01.08.07The vendor's documentation shall describe the primary physical

parameters of the module, including descriptions of the enclosure,

access points, circuit boards, location of power supply, interconnection

wiring runs, cooling arrangements, and any other significant parameters.

Assessment:

AS.01.09Documentation shall specify any hardware, software, or firmware

components of the cryptographic module that are excluded from the

security requirements of this standard and explain the rationale for the

exclusion.

Assessment:

VE.01.09.01All components that are to be excluded from the security requirements

shall be explicitly listed in the vendor documentation.

Assessment:

VE.01.09.02The rationale for excluding each of the components listed in response to

requirement VE01.09.01 shall be provided in the vendor

documentation. The vendor shall show that each component, even if

malfunctioning or misused, cannot cause a compromise under any

Assessment:

AS.01.10Documentation shall specify the physical ports and logical interfaces

and all defined input and output paths of the cryptographic module.

Note: This assertion is tested as part of AS02.01.

Assessment:

AS.01.11Documentation shall specify the manual or logical controls of the

cryptographic module, physical or logical status indicators, and their

physical, logical, and electrical characteristics.

Note: This assertion is tested as part of AS02.01.

Assessment:

AS.01.12Documentation shall list all security functions, both Approved and

non-Approved, that are employed by the cryptographic module and

shall specify all modes of operation, both Approved and non-Approved.

Assessment:

VE.01.12.01The vendor shall provide a validation certificate for all Approved

cryptographic algorithms.

Assessment:

VE.01.12.02The vendor shall provide a list of all non-Approved security functions.

Assessment:

AS.01.13Documentation shall specify a block diagram depicting all of the major

hardware components of the cryptographic module and their

interconnections, including any microprocessors, input/output buffers,

plaintext/ciphertext buffers, control buffers, key storage, working

memory, and program memory.

Assessment:

VE.01.13.01The vendor documentation shall include a block diagram showing the

hardware components and their interconnections. Components to be

included in the block diagram shall include, as applicable:

1. Microprocessors

2. Input/output buffers

3. Plaintext/ciphertext buffers

4. Control buffers

5. Key storage

6. Working memory

7. Program memory

8. Other components types not listed above

Assessment:

VE.01.13.02The block diagram shall also include any (semi-) custom integrated

circuits (e.g., gate arrays, field programmable gate arrays, or other

programmable logic).

Assessment:

VE.01.13.03The block diagram shall show interconnections among major

components of the module and between the module and equipment or

components outside of the cryptographic boundary.

Assessment:

VE.01.13.04The block diagram shall show the cryptographic boundary of the

module.

Assessment:

AS.01.14Documentation shall specify the design of the hardware, software, and

firmware components of the cryptographic module. High-level

specification languages for software/firmware or schematics for

hardware shall be used to document the design.

Assessment:

VE.01.14.01The vendor shall provide a detailed specification of the design of the

hardware, software, and/or firmware contained in the module. This

documentation shall include, the finite state model and description

referred to in Section 4.4 of FIPS PUB 140-2. If the relationship

between the finite state model and the design specification is not clear,

the vendor shall provide additional documentation that describes this

Assessment:

AS.01.15Documentation shall specify all security-related information, including

secret and private cryptographic keys (both plaintext and encrypted),

authentication data (e.g., passwords, PINs), CSPs, and other protected

information (e.g., audited events, audit data) whose disclosure or

modification can compromise the security of the cryptographic module.

Assessment:

VE.01.15.01The vendor shall provide documentation specifying all security-related

information, including secret and private cryptographic keys (both

plaintext and encrypted), authentication data (e.g., passwords, PINs),

CSPs, and other protected information (e.g., audited events, audit data)

whose disclosure or modification can compromise the security of the

cryptographic module.

Assessment:

AS.01.16Documentation shall specify the cryptographic module security policy.

The security policy shall include the rules derived from the

requirements of this standard and the rules derived from any additional

requirements imposed by the vendor.

Assessment:

VE.01.16.01The vendor shall provide a separate nonproprietary security policy.

The security policy is defined in Appendix C of FIPS PUB 140-2.

Assessment:

SECTION 2: MODULE PORTS AND INTERFACES

AS.02.01The cryptographic module shall restrict all information flow and

physical access points to physical ports and logical interfaces that define

all entry and exit points to and from the module.

Assessment:

VE.02.01.01Vendor documentation shall specify each of the physical ports and

logical interfaces of the cryptographic module, including the:

1. Physical ports and their pin assignments

2. Physical covers, doors or openings

3. Logical interfaces (e.g., APIs and all other data/control/status

signals) and the signal names and functions

4. Manual controls (e.g., buttons or switches) for applicable physical

control inputs

5. Physical status indicators (e.g., lights or displays) for applicable

physical status outputs

6. Mapping of the logical interfaces to the physical ports, manual

controls, and physical status indicators of the cryptographic module

7. Physical, logical, and electrical characteristics, as applicable, of the

above ports and interfaces

Assessment:

VE.02.01.02Vendor documentation shall specify the information flows and physical

access points of the cryptographic module by highlighting or annotating

copies of the block diagrams, design specifications and/or source code

and schematics provided in Sections 1 and 10. The vendor shall also

provide any other documentation necessary to clearly specify the

relationship of the information flows and physical access points to the

physical ports and logical interfaces.

Assessment:

VE.02.01.03For each physical or logical input to the cryptographic module, or

physical and logical output from the module, vendor documentation

shall specify the logical interface to which the physical input or output

belongs, and the physical entry/exit port. The specifications provided

shall be consistent with the specifications of the cryptographic module

components provided under sections 1 and 10, and the specifications of

the logical interfaces provided in assertions AS02.03 to AS02.09 of this

section.

Assessment:

AS.02.02The cryptographic module interfaces shall be logically distinct from

each other although they may share one physical port (e.g., input data

may enter and output data may exit via the same port) or may be

distributed over one or more physical ports (e.g., input data may enter

via both a serial and a parallel port).

Assessment:

VE.02.02.01The vendor's design shall separate the cryptographic module interfaces

into logically distinct and isolated categories, using the categories listed

in assertion AS02.03, and, if applicable, AS02.09 in this section. This

information shall be consistent with the specification of the logical

interfaces and physical ports provided in AS02.01 in this section.

Assessment:

VE.02.02.02Vendor documentation shall provide a mapping of each category of

logical interface to a physical port of the cryptographic module. A

logical interface may be physically distributed across more than one

physical port, or two or more logical interfaces may share one physical

port as long as the information flows are kept logically separate. If two

or more logical interfaces share the same physical port, vendor

documentation shall specify how the information from the different

interface categories is kept logically separate.

Assessment:

AS.02.03The cryptographic module shall have the following four logical

interfaces ("input" and "output" are indicated from the perspective of

the module):

* Data input interface

* Data output interface

* Control input interface

Assessment:

VE.02.03.01Vendor documentation shall specify that the following four logical

interfaces have been designed within the cryptographic module ("input"

and "output" are indicated from the perspective of the module):

* data input interface (for the entry of data as specified in AS02.04),

* data output interface (for the output of data as specified in

AS02.05),

* control input interface (for the entry of commands as specified in

AS02.07), and

* status output interface (for the output of status information as

Assessment:

AS.02.04All data (except control data entered via the control input interface) that

is input to and processed by the cryptographic module (including

plaintext data, ciphertext data, cryptographic keys and CSPs,

authentication data, and status information from another module) shall enter via the "data input" interface.

Assessment:

VE.02.04.01The cryptographic module shall have a data input interface. All data

(except control data entered via the control input interface) that is to be

input to and processed by the cryptographic module shall enter via the

VE 01: Difference between revisions

Revision as of 15:57, 27 July 2005

Navigation menu

Search